From 7232bc0a99a7f55d9b5b41e2fb0b901dc0af7623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= Date: Tue, 9 Apr 2019 21:22:46 +0200 Subject: [PATCH] Attempt to use rich dependencies Selinux boolean should be set only in case given selinux policy is installed. Do not require it inside containers. --- bind.spec | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/bind.spec b/bind.spec index 494c5e9..870da24 100644 --- a/bind.spec +++ b/bind.spec @@ -164,9 +164,10 @@ Obsoletes: caching-nameserver < 31:9.4.1-7.fc8 Provides: caching-nameserver = 31:9.4.1-7.fc8 Obsoletes: dnssec-conf < 1.27-2 Provides: dnssec-conf = 1.27-2 -Requires(post): policycoreutils-python-utils -Requires(post): libselinux-utils -Requires(post): selinux-policy +# This wild require should satisfy %selinux_set_boolean macro only +# in case it needs to be used +Requires(post): ((policycoreutils-python-utils and libselinux-utils) if (selinux-policy-targeted or selinux-policy-mls)) +Requires(post): ((selinux-policy and selinux-policy-base) if (selinux-policy-targeted or selinux-policy-mls)) Recommends: bind-utils bind-dnssec-utils BuildRequires: gcc, make BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel @@ -1029,7 +1030,10 @@ fi; %post %?ldconfig -%selinux_set_booleans %{selinuxbooleans} +if -e %{_sysconfdir}/selinux/config; then + %selinux_set_booleans -s targeted %{selinuxbooleans} + %selinux_set_booleans -s mls %{selinuxbooleans} +fi if [ "$1" -eq 1 ]; then # Initial installation [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ; @@ -1061,9 +1065,12 @@ fi %postun %?ldconfig -%selinux_unset_booleans %{selinuxbooleans} # Package upgrade, not uninstall %systemd_postun_with_restart named.service +if -e %{_sysconfdir}/selinux/config; then + %selinux_unset_booleans -s targeted %{selinuxbooleans} + %selinux_unset_booleans -s mls %{selinuxbooleans} +fi %if %{with SDB} %post sdb